According to the reporter, the Zmodo ZP-NE14-S DVR and ZP-IBH-13W cameras contain undocumented credentials for accessing the device via telnet. These credentials allow root access to the device, and are hard-coded and cannot be changed by the user.
Additionally, these cameras contain an always running instance of telnet that allows network access by an attacker. Telnet cannot be disabled.